windows users having trouble authenticating

Sallee, Stephen (Jake) Jake.Sallee at umhb.edu
Mon Aug 2 21:52:41 CEST 2010


I have a working FreeRADIUS server that will authenticate Linux clients
happily; however, my Windows clients are unable to authenticate.  Here is
a snippet:

--------------------------------------------------
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 7
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert read:fatal:unknown CA
    TLS_accept:failed in SSLv3 read client certificate A
rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca
SSL: SSL_read failed inside of TLS (-1), TLS session fails.
TLS receive handshake failed during operation
[peap] eaptls_process returned 4
[peap] EAPTLS_OTHERS
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [test1 at umhb] (from client Sanderford port 129 cli
00-17-C4-F0-75-C8)
Using Post-Auth-Type Reject
--------------------------------------------------

As you can see, the problem seems to lie in the TLS section, but I have
followed all the HOWTOs I can find on installing and configuring the
server cert, but to no avail.  How do I tell the FreeRADIUS box to
trust its own certificate?  The cert was generated and signed on the
FreeRADIUS box.

Also, as a side note, the Linux users are able to authenticate by typing
in domain\username, but doing this on a Windows box shows very strange
things in the radius log, and fails to authenticate.  Is there a way to
make both operating systems behave the same?  Otherwise my Windows
clients must use the username@domain convention, once I get that working
:)



Jake Sallee
Godfather Of Bandwidth
Network Engineer

Fone: 254-295-4658
Phax: 254-295-4221
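
The following triage script is an added example, not part of the original post and not FreeRADIUS code. It reads debug output like the snippet above and reports which side raised each TLS alert, using OpenSSL's convention that "TLS Alert read" marks an alert received from the peer and "write" one sent locally. The function name `triage`, the field names and the hint text are assumptions made for this example; the sample lines are copied from the snippet.

```python
import re

# Constructed sample: the TLS-related lines from the debug output quoted above.
SAMPLE = """\
[peap] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert read:fatal:unknown CA
    TLS_accept:failed in SSLv3 read client certificate A
rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
alert unknown ca
[peap] eaptls_process returned 4
"""

# OpenSSL info callback: "read" = alert received from the peer, "write" = sent by us.
ALERT_RE = re.compile(r"TLS Alert (read|write):(warning|fatal):(.+)")
STATE_RE = re.compile(r"TLS_(?:accept|connect):(?:failed|error) in (.+)")
ERR_RE = re.compile(r"SSL error error:([0-9A-Fa-f]{8}):")

# Hint for the alert seen in the post; wording follows the TLS alert definition.
HINTS = {
    ("peer", "unknown CA"): "peer could not match the certificate it was sent "
                            "to a CA in its own trust store",
}

def triage(log_text):
    """Return one dict per TLS alert found in FreeRADIUS debug output."""
    findings, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ALERT_RE.search(line)
        if m:
            direction, level, desc = m.groups()
            sender = "peer" if direction == "read" else "local"
            current = {"sender": sender, "level": level,
                       "description": desc.strip(),
                       "handshake_state": None, "openssl_error": None,
                       "hint": HINTS.get((sender, desc.strip()))}
            findings.append(current)
            continue
        if current is None:
            continue  # ignore context lines until an alert has been seen
        m = STATE_RE.search(line)
        if m and current["handshake_state"] is None:
            current["handshake_state"] = m.group(1).strip()
        m = ERR_RE.search(line)
        if m and current["openssl_error"] is None:
            current["openssl_error"] = m.group(1)
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```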






